Raj Samani, McAfeeMcAfee’s Q2 Threat Report covers a lot of ground, from assessing malware, ransomware, mobile malware and other threats, to the rise of script-based malware, threat hunting best practices, to analyzing the WannaCry and NotPetya ransomware and examining attacks across industries.What stands out the most? Facebook has become a notable attack vector. That's not good.Here’s more bad news:
Healthcare accounted for 26 percent of Q2 2017 security incidents.
New malware samples were up 67 percent in Q2 to 52 million.
Faceliker, which infects a user’s web browser to hijack Facebook ‘likes’ to falsely promote content, accounted for nearly 9 percent of the quarter’s newly detected malware.
Mobile malware grew 61 percent in the past four quarters.
Global infections of mobile devices rose by 8 percent, Asia climbed by 18 percent.
New macro malware rose by 35 percent, new ransomware grew 54 by percent.
PowerShell script-based malware increased by 1385 percent over the last two years.
The good news:
Mac OS malware growth declined to 4 percent as adware surge ebb.
McAfee suggests threat hunting best practices.
Forewarned is forearmed.
McAfee also dives into malware threats and incidents during Q2:
Security incidents, targets:
311 publicly disclosed security incidents increased 3 percent to 311 in Q2, of which 78 percent took place in the Americas.
The health, public, and education sectors accounted for more than 50 percent of total incidents in 2016-2017 worldwide.
Geographies, sectors:
In North America, healthcare sector attacks led vertical sectors in Q2 security incidents in the Americas.
In Asia, the public sector led in reported Q2 incidents, followed by financial services and technology.
In Europe, the public sector led followed by entertainment, health, finance, and technology.
Attack vectors, malware types:
Account hijacking led disclosed attack vectors, followed by DDoS, leaks, targeted attacks, malware and SQL injections.
The total number of malware samples grew by 23 percent in the past four quarters to about 723 million samples.
Ransomware samples grew by 47 percent in the past four quarters to 10.7 million samples.
Total mobile malware is up 61 percent in the past four quarters to 18.4 million samples.
Some 91,000 new mobile malware samples raised the overall count to 1.1 million.
The Gamut botnet continues to spam with job-related junk and phony pharmaceuticals. The Necurs botnet was the most disruptive, pushing multiple pump-and-dump stock scams during the quarter.
There’s more: In this blog, McAfee revisits WannaCry and NotPetya. The security provider also examines script-based malware and offers suggestions for threat hunters. For some more perspective, here's what two McAfee executives had to say about malware:On WannaCry and NotPetya: "We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.” -- Raj Samani, McAfee chief scientist.On threat hunting: “One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organization’s preventive security measures.” -- Ismael Valenzuela, McAfee threat hunting, security principal engineer.
D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.
Russia's invasion of Ukraine features alleged cyberattacks. Follow this Russia-Ukraine conflict timeline for cyber & kinetic warfare updates, and guidance for MSSPs worldwide.
